Tiny Pies fights to get her Instagram account back after being hacked; warning for other companies
AUSTIN (KXAN) — Handcrafted and handmade, Tiny Pies are known for their great taste.
Photos of a variety of sweet and savory pies made from full recipes fill the Tiny Pies Instagram page.
“We cook from four generational recipes using local ingredients,” said Amanda Wadsworth, co-founder of Tiny Pies. “We can do breakfast, lunch, dinner and dessert.”
The family business has been a staple in Austin for over a decade, reaching customers through word of mouth and on social media platforms like Instagram.
Like many small businesses, Tiny Pies relied on its social media throughout the pandemic to keep customers informed and to find out if they were open. Last October, Wadsworth said her page, which had 55,000 followers, disappeared.
“We had 55,000 subscribers, and that was us heading into our busiest season of the year, moving into Thanksgiving. And so, it was devastating,” Wadsworth said.
Hackers demand ransom
She said they received an email about verifying their Instagram account. It showed the sender as “Checking Support” with a gmail address.
“We accidentally clicked on it, it looks legit,” Wadsworth explained. “We clicked on it. He was a hacker, and they asked us to give them a ransom, or they threatened to delete our account.
Wadsworth said the email appeared to be from Instagram with the logo and steps to verify their account. Once they clicked on it, they said they had received another email saying: “Your account is now temporarily blocked. We are waiting an hour to hear from you. If you do not reply to us, we clean up your account and sell it.
Wadsworth explained that she couldn’t log into Instagram, so she turned to Facebook for help and started a live chat with a representative.
“They told us in real time not to give in to the hackers’ demands and not pay the ransom, and that they would help us,” Wadsworth said. “We followed exactly what they told us to do to the letter and then our account was deleted.”
She said it never reached a point where they knew how much the pirates demanded.
Tap for the account to be restored
Ever since, Tiny Pies has been fighting to get her Instagram account back, more than seven months ago.
“The first reaction is that people just think you’ve gone bankrupt. So, you know, we had to fight and try to get messages across. So instead of focusing on what we need to focus on, we try to make sure people always know who we are, we’re always here. And it’s, you know, it distracts from what we need to focus on,” Wadsworth said.
Wadsworth and his team shared with KXAN several conversations over several weeks with Facebook about recovering his Instagram account after it was deleted by hackers.
In one, they were told an investigation was ongoing and Facebook was waiting for an internal team to respond.
KXAN Investigator Arezow Doost asked Meta, which owns Instagram and Facebook, why Tiny Pies’ Instagram account can’t be recovered and what companies should do in the event of a hack. After eight emails and multiple phone calls over a period of nearly two weeks, a Meta spokesperson told Doost that no comment would be provided on the filing.
KXAN has identified an Instagram security feature in the settings where users can verify emails and check which are real and which are fake.
Wadsworth said multiple team members are now reviewing all emails.
Warning to other companies
She contacted the FBI, DPS, and also the state attorney general’s office to see if there was anything that could be done.
The FBI advises against paying a hacker.
The Better Business Bureau has advised to be careful when interacting with links received via email or social media and to make it a habit to check for the “padlock” icon in a website address that indicates that it is secure.
Additionally, the organization said to enable strong authentication tools like security keys or a one-time code through an app on your phone.
The BBB explained that a survey in 2019 found that around one in five Americans have experienced a ransomware attack on a personal or work device – 46% say their company paid the ransom.
Tiny Pies was able to create a new profile with its original handle.
The company is now warning other small businesses as it rebuilds its own subscribers.
“It’s as if a history file had been deleted. It’s 10 years of our brand,” Wadsworth said. “Ten years of photos is 10 years of DMing people that we don’t have a record of now. It’s events and things that, you know, we don’t have a record of and other locations.